8/4/17

Dynamic Data Masking limits the exposure of sensitive data to users who should not see it. It is used in conjunction with other SQL Server features such as SQL Auditing and Encryption (TDE and row-level encryption) to provide a completely secure database platform.

Data can be masked in different ways, with either Full Masking or Partial Masking, and there are built-in functions such as 'email()' for ease of use.

Keep in mind that although a user may not see all the data, updates to the data (if permission applies to the user) will still be committed.

Permissions

Users with SELECT permission on a table can view the table data. Columns that are defined as masked will display the masked data. Grant the UNMASK permission to a user to enable them to retrieve unmasked data from the columns for which masking is defined.
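The permission behaviour described above, as an added T-SQL example that is not part of the original post. The table dbo.DdmExample, the user ddm_reader and the row data are hypothetical and constructed for illustration; it assumes SQL Server 2016 or later and a scratch database.

```sql
-- Added example: all object names and data below are constructed, not from the post.
CREATE TABLE dbo.DdmExample (
    Id    INT IDENTITY(1,1) PRIMARY KEY,
    -- Partial masking: keep the last 4 characters, replace the rest with a fixed pad.
    SSN   CHAR(11)     MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)') NOT NULL,
    -- Built-in email() mask.
    Email VARCHAR(100) MASKED WITH (FUNCTION = 'email()') NULL,
    -- Full masking with the default() function.
    Phone VARCHAR(12)  MASKED WITH (FUNCTION = 'default()') NULL
);

INSERT INTO dbo.DdmExample (SSN, Email, Phone)
VALUES ('123-45-6789', 'pat@example.com', '555-010-0199');

-- A low-privilege user with SELECT and UPDATE but without UNMASK.
CREATE USER ddm_reader WITHOUT LOGIN;
GRANT SELECT, UPDATE ON dbo.DdmExample TO ddm_reader;

-- 1) SELECT without UNMASK returns masked values for all three columns.
EXECUTE AS USER = 'ddm_reader';
SELECT SSN, Email, Phone FROM dbo.DdmExample;

-- 2) The user cannot read Phone, yet the UPDATE is still committed.
UPDATE dbo.DdmExample SET Phone = '555-010-0100' WHERE Id = 1;
REVERT;

-- Back in the owner's context: the stored value is the one ddm_reader wrote.
SELECT Phone FROM dbo.DdmExample WHERE Id = 1;

-- 3) After GRANT UNMASK the same SELECT returns the real data.
GRANT UNMASK TO ddm_reader;
EXECUTE AS USER = 'ddm_reader';
SELECT SSN, Email, Phone FROM dbo.DdmExample;
REVERT;

-- Review check: list every masked column and its masking function.
SELECT OBJECT_NAME(object_id) AS table_name, name AS column_name, masking_function
FROM sys.masked_columns;

-- Cleanup of the constructed objects.
DROP USER ddm_reader;
DROP TABLE dbo.DdmExample;
```

Because masking does not block writes, grant UPDATE on masked columns only to users who genuinely need it, and review who holds UNMASK alongside the sys.masked_columns listing.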

Use Cases

Need to mask SSN in a column

Need to mask email address in a column

Need to mask phone number in a column

Need to mask refreshed copies of the Production database in lower environments

The case for masking data can be endless if you have an overprotective Information Security Officer.

Demo – Dynamic Data Masking

Our demo today will start with a table in our HR database called employee. The demo will use a small subset of data to give you the general idea of how to use Dynamic Data Masking.